OpenBSD 5.5 Released

← Back to Stories (view on slashdot.org)

Posted by timothy on Thursday May 1, 2014 @04:57AM from the always-just-in-time dept.

ConstantineM (965345) writes "Just as per the schedule, OpenBSD 5.5 was released today, May 1, 2014. The theme of the 5.5 release is Wrap in Time, which represents a significant achievement of changing time_t to int64_t on all platforms, as well as ensuring that all of the 8k+ OpenBSD ports still continue to build and work properly, thus doing all the heavy lifting and paving the way for all other operating systems to make the transition to 64-bit time an easier task down the line. Signed releases and packages and the new signify utility are another big selling point of 5.5, as well as OpenSSH 6.6, which includes lots of DJB crypto like chacha20-poly1305, plus lots of other goodies."

22 of 128 comments (clear)

Min score:

Reason:

Sort:

YAY for BSD by CheshireDragon · 2014-05-01 05:01 · Score: 4, Interesting

Even though I've never used it...

--
"That's right...I said it."
1. Re:YAY for BSD by Anonymous Coward · 2014-05-01 05:10 · Score: 3, Informative
  
  Fire up a VM and try it out, OpenBSD is a really nice OS to work with IMO.
2. Re: YAY for BSD by the_humeister · 2014-05-01 05:29 · Score: 2
  
  If not for the lack of ZFS, I would use OpenBSD. Instead my fileserver is running FreeBSD 10.
3. Re:YAY for BSD by QuietLagoon · 2014-05-01 05:45 · Score: 4, Insightful
  
  And there you go with the problem with it. OpenBSD has no holes in the install...
  Regardless of how you use an operating system, if the OS foundation is not secure, then anything you put on top of it cannot be secure.
  At least OpenBSD provides the secure foundation upon which you can build what you'd like. The security of what you build on top of OpenBSD is your responsibility.
4. Re:YAY for BSD by wonkey_monkey · 2014-05-01 05:51 · Score: 4, Funny
  
  It gets real abstract.
  Well, which is it?
  
  --
  systemd is Roko's Basilisk.
5. Re: YAY for BSD by Anonymous Coward · 2014-05-01 06:47 · Score: 3, Informative
  
  How to update Open BSD: insert CD, boot CD, select update. Wait a few minutes. Upgrade ports. Wait a few minutes. You are done.
  No CD? Copy base files to machine through SSH. Install files. Reboot. Upgrade ports. Wait a few minutes. You are done.
  Any other questions?
6. Re:YAY for BSD by CODiNE · 2014-05-01 07:50 · Score: 2
  
  The former latter.
  
  --
  Cwm, fjord-bank glyphs vext quiz
7. Re:YAY for BSD by metrix007 · 2014-05-01 08:03 · Score: 2
  
  Yeah, no. Heartbleed showed how meaningless theire claims of a secure default install are in this day and age.
  It used to mean something against Windows Servers and Linux Distros that had everything enabled by default, but not so much these days.
  All these years, and they hadn't even audited openssl, a key core component of the default install.
  
  --
  If you ignore ACs because they are anonymous - you're an idiot.
8. Re: YAY for BSD by rubycodez · 2014-05-01 08:12 · Score: 2
  
  openbsd has the Unix FFS (up to about 1TB volume size) and FFS2 (up to 8 zettabytes volume size)
9. Re:YAY for BSD by rubycodez · 2014-05-01 08:36 · Score: 2
  
  it is a joke, you're funny
  you could have made a backup copy of fstab before dicking with it. or followed the excellent OpenBSD documentation and made backup root partition.
10. Re:YAY for BSD by rubycodez · 2014-05-01 08:38 · Score: 2
  
  you sure? your printer doesn't have have controller running BSD? or network appliance?
11. Re:YAY for BSD by Kremmy · 2014-05-01 13:56 · Score: 2
  
  That is EXACTLY what he is saying given his comments regarding LLVM.
  Referring to this post in particular.
  His stance is a demonization of liberally licensed code, to a very unfortunate degree.
  I am absolutely not trolling when I say that man has given up freedom for ideology.
12. Re: YAY for BSD by TheRaven64 · 2014-05-01 20:56 · Score: 2
  FFS2 is basically the original Berkeley FFS (also known as UFS, but there are at least half a dozen incompatible filesystems called UFS, so that just gets confusing) with some extensions. It basically just increases the size of various fields in the inode data structure so that various limits are much larger. I'm not familiar with the OpenBSD implementation, but on FreeBSD it also supports soft updates (where metadata and data writes are sequenced so that the filesystem is aways consistent, although fsck may be required to clean up) and journalling. Aside from that, it's a fairly conventional inode-based FS. If you want snapshots, FreeBSD provides them at the block layer via GEOM (I don't know what the OpenBSD equivalent is).
  In contrast, ZFS rearranges all of the layering. At the lowest level, you have a set of physical devices that are combined into a single virtual device. On top of this is a layer that's responsible for storing objects and providing a transactional copy-on-right interface to the underlying storage. On top of this, you layer something that looks like a POSIX filesystem, or something that looks like a block device (or, in theory, something that looks like an SQL database or whatever).
  For the user, this means that a load of things are easy with ZFS that are hard with UFS:
  
  Creating snapshots with ZFS is a O(1) operation.
  
  Creating new filesystems with ZFS is about has hard as creating directories.
  
  Filesystems all have block-level checksums, can have multiple copies of files (if they're used for important stuff) on a single volume.
  
  Compression and deduplication can be enabled on a per-filesystem basis. With UFS, there's no deduplication (although it would be possible to write a block-level dedup implementation for GEOM), and compression is handled at the block device layer.
  
  You can delegate the rights to create and modify filesystem properties into jails safely with ZFS (not relevant to OpenBSD, as it lacks jails).
  --
  I am TheRaven on Soylent News
13. Re:YAY for BSD by TheRaven64 · 2014-05-01 20:58 · Score: 2
  
  Not true. It would have done if OpenSSL hadn't used a custom allocator, but the use of the custom allocator bypassed the policy in OpenBSD's malloc() that aggressively returns unused pages to the OS and causes this kind of fault. And why does OpenSSL have this custom allocator? Because without it people complain that malloc() implementations like the one in OpenBSD are too slow...
  
  --
  I am TheRaven on Soylent News
Missing libReSSL, as expected by Anonymous Coward · 2014-05-01 05:10 · Score: 4, Insightful

Before anyone asks, no, this new version of OpenBSD (version 5.5) does not include libReSSL yet.
That's not how OpenBSD operates. Neat announcements made even a month before an OpenBSD release do not usually appear in the very next OpenBSD release. There are cutoffs/deadlines, and the OpenBSD group is far more interesting in ensuring reliability than flashy new code that is only partially ready.
If you check the libReSSL.org website, libReSSL is planning to be included in OpenBSD 5.6, which I expect will be released on November 1, 2014. The OpenBSD group has a solid track record of making their official releases publicly available by the expected date.
To see an overview on what did get included in this version (like signed packages), see the release notes (which is pointed to by the first hyperlink of this Slashdot news story).
Next release... by msauve · 2014-05-01 05:12 · Score: 4, Funny

The next release is scheduled for a few years prior to Sunday, 4 December 292,277,026,596.

--
"National Security is the chief cause of national insecurity." - Celine's First Law
USB Installer! by Dimwit · 2014-05-01 05:43 · Score: 4, Informative

There's a USB installation image for i386 and amd64! Finally! Dear lord, it's been years. That's as big a deal as the time_t thing for me.

--
...but it's being eaten...by some...Linux or something...
NetBSD time_t by Anonymous Coward · 2014-05-01 05:44 · Score: 4, Informative

I use OpenBSD almost exclusively, but in all fairness NetBSD was the first to move to a 64-bit time_t on all its platforms.
Also, there's no chance that Linux would ever make such a jump. They'll invent something complex and annoying to maintain backward compatibility with all the proprietary crapware. OpenBSD and NetBSD can do it because they're not afraid to make everybody recompile their software.
(For people who don't understand the issue: on NetBSD and OpenBSD time_t is now 64-bits, even on 32-bit platforms. So the 2038 problem is non-existent going forward, even for 32-bit software.)
So how does it perform? by Anonymous Coward · 2014-05-01 06:12 · Score: 2, Interesting

I have used OpenBSD a number of times over the years but when I have tried to use it as a high performance server it falls on its face. Has it gotten any better?
1. Re:So how does it perform? by Anonymous Coward · 2014-05-01 06:55 · Score: 3, Insightful
  
  OpenBSD is not meant to be the fastest or most scalable OS in the world -- just the safest. The right tool for the job. You use OpenBSD as a firewall in front of your high performance server, which can then run whatever OS you choose. I wouldn't trust anything else. More specifically, the bare bones, well documented, best practice coded, continuously audited, secure by default approach means you can deploy an OpenBSD firewall router with minimal effort and minimal worry. Save the worry and effort for the potentially less secure OS's that are running behind the firewall.
Re:Why not try it? by metrix007 · 2014-05-01 08:05 · Score: 2

You use the same tools the scripts use. Ifconfig.
Choose a better distro and things wont be so obfuscated.

--
If you ignore ACs because they are anonymous - you're an idiot.
Re:Heartbleed not fixed in 5.5 by default by machine321 · 2014-05-01 12:25 · Score: 2

A third party has created an auto-update app.
https://stable.mtier.org/